From: sthaug@nethelp.no
To: dillon@apollo.backplane.com
Cc: karl@Denninger.Net, wollman@khavrinen.lcs.mit.edu, john.saunders@scitec.com.au, freebsd-current@FreeBSD.ORG
Subject: Re: RE: D.O.S. attack protection enhancements commit (ICMP_BANDLIM)
In-Reply-To: Your message of "Tue, 1 Dec 1998 09:30:09 -0800 (PST)"
References: <199812011730.JAA09274@apollo.backplane.com>
Date: Tue, 01 Dec 1998 19:53:50 +0100
Message-ID: <29019.912538430@verdi.nethelp.no>

> Oh. no. 20Kpps of illegitimate ICMP traffic. It would be pretty
> hard to get even 10pps of legitimate ICMP traffic. Our most heavily
> loaded web server only generates 0.5 pps or so in ICMP packets and
> receives maybe 1 pps in ICMP.

As another example, UNINETT has a 155 Mbps IP over SDH connection to the
Internet. We use rate limiting (Cisco CAR) for ICMP traffic, and currently
have the limit set to 160 kbps. In practice, this is more than enough.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no